SHA256
3
0
forked from pool/tcpd
tcpd/tcp_wrappers_7.6-fedora-bug17795.diff

55 lines
1.7 KiB
Diff
Raw Normal View History

--- hosts_access.5
+++ hosts_access.5
@@ -90,6 +90,13 @@
pattern `131.155.72.0/255.255.254.0\' matches every address in the
range `131.155.72.0\' through `131.155.73.255\'.
.IP \(bu
+A string that begins with a `/\' character is treated as a file
+name. A host name or address is matched if it matches any host name
+or address pattern listed in the named file. The file format is
+zero or more lines with zero or more host name or address patterns
+separated by whitespace. A file name pattern can be used anywhere
+a host name or address pattern can be used.
+.IP \(bu
An expression of the form `[n:n:n:n:n:n:n:n]/m\' is interpreted as a
`[net]/prefixlen\' pair. A IPv6 host address is matched if
`prefixlen\' bits of `net\' is equal to the `prefixlen\' bits of the
--- hosts_access.c
+++ hosts_access.c
@@ -273,6 +273,26 @@
}
}
+/* hostfile_match - look up host patterns from file */
+
+static int hostfile_match(path, host)
+char *path;
+struct hosts_info *host;
+{
+ char tok[BUFSIZ];
+ int match = NO;
+ FILE *fp;
+
+ if ((fp = fopen(path, "r")) != 0) {
+ while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host)))
+ /* void */ ;
+ fclose(fp);
+ } else if (errno != ENOENT) {
+ tcpd_warn("open %s: %m", path);
+ }
+ return (match);
+}
+
/* host_match - match host name and/or address against pattern */
static int host_match(tok, host)
@@ -300,6 +320,8 @@
tcpd_warn("netgroup support is disabled"); /* not tcpd_jump() */
return (NO);
#endif
+ } else if (tok[0] == '/') { /* /file hack */
+ return (hostfile_match(tok, host));
} else if (STR_EQ(tok, "KNOWN")) { /* check address and name */
char *name = eval_hostname(host);
return (STR_NE(eval_hostaddr(host), unknown) && HOSTNAME_KNOWN(name));